cnvd - cnvd-2022-01324

cnvd-2022-01324

Vulnerability from cnvd

Title

Projectworlds Online Book Store Project In Php SQL注入漏洞

Description

Projectworlds Online Book Store Project In Php是奥地利Projectworlds公司的一个基于Php的在线书店系统。 Projectworlds Online Book Store Project In Php 1.0 存在SQL注入漏洞，攻击者可利用该漏洞转储web应用程序运行的整个数据库。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.exploit-db.com/exploits/49314

Reference

https://nvd.nist.gov/vuln/detail/CVE-2020-36112

Impacted products

Name
Projectworlds Projectworlds Online Book Store Project In Php 1.0

Show details on source website

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2020-36112",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-36112"
    }
  },
  "description": "Projectworlds Online Book Store Project In Php\u662f\u5965\u5730\u5229Projectworlds\u516c\u53f8\u7684\u4e00\u4e2a\u57fa\u4e8ePhp\u7684\u5728\u7ebf\u4e66\u5e97\u7cfb\u7edf\u3002\n\nProjectworlds Online Book Store Project In Php 1.0 \u5b58\u5728SQL\u6ce8\u5165\u6f0f\u6d1e\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8f6c\u50a8web\u5e94\u7528\u7a0b\u5e8f\u8fd0\u884c\u7684\u6574\u4e2a\u6570\u636e\u5e93\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.exploit-db.com/exploits/49314",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-01324",
  "openTime": "2022-01-07",
  "products": {
    "product": "Projectworlds Projectworlds Online Book Store Project In Php 1.0"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-36112",
  "serverity": "\u9ad8",
  "submitTime": "2021-01-06",
  "title": "Projectworlds Online Book Store Project In Php SQL\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2020-36112 (GCVE-0-2020-36112)

Vulnerability from cvelistv5

Published

2021-01-04 14:46

Modified

2024-08-04 17:16

Severity ?

CWE

n/a

Summary

CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running.

References

URL

Tags

https://www.exploit-db.com/exploits/49314

x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T17:16:14.083Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.exploit-db.com/exploits/49314"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-01-04T14:46:37",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.exploit-db.com/exploits/49314"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2020-36112",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "CSE Bookstore version 1.0 is vulnerable to time-based blind, boolean-based blind and OR error-based SQL injection in pubid parameter in bookPerPub.php and in cart.php. A successful exploitation of this vulnerability will lead to an attacker dumping the entire database on which the web application is running."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.exploit-db.com/exploits/49314",
              "refsource": "MISC",
              "url": "https://www.exploit-db.com/exploits/49314"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2020-36112",
    "datePublished": "2021-01-04T14:46:37",
    "dateReserved": "2021-01-04T00:00:00",
    "dateUpdated": "2024-08-04T17:16:14.083Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Log in or create an account to share your comment.

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.